Computer Security Risk Management
Understanding your risks, D² Computer Consulting can help you through this. Take a few minutes to
You know that computer security is important to your small business. But do you know exactly what you need to do
today to protect your business? Do you know all of the risks to your business computer system? Do you know the
steps you need to take to protect your business computer system?
We hear reports of computer hackers breaking into business computer networks to attack or shut down an Internet
site, to disrupt business operations, or to gain access to confidential information. These high-tech break-ins are only
part of a far broader area of security risks that your business faces today.
Some high-tech risks require high-tech responses. Others call for more common-sense measures. A well-considered,
disciplined approach to computer security may be all that you need to significantly reduce the risks to your computer
What does computer security mean? From a business point of view, computer security simply means that your
computer systems will function and your stored information on your computer system will be available to you as needed
for your business.
Precautions can be taken to protect against certain risks such as theft, breakage, power surges, voltage fluctuation,
outages, and disasters including fire, flood and other unthinkable catastrophes. Maintenance agreements provide fast
and reliable service in the event of equipment breakdown.
Extra equipment provides in-house backup for uninterrupted service until the repair person arrives. Many firms buy
inexpensive mail-in or carry-in maintenance and maintain extra hardware to swap in as needed. For example, they
keep one backup printer for every five printers in use and one backup PC for every 20, depending, of course, on age
and reliability of the hardware. Redundant Array of Independent Disks (RAID)-equipped servers and duplicate or
backup servers can add redundancy and reduce the risk of being shut down by equipment failure.
The quality of low-cost computer or server “clones” may be significantly lower than that of brand-name systems.
Extremely low-cost systems often are made with whatever less costly components are available at the moment. Such
components may be inherently less reliable, and the compatibility of the specific components used may not be
Regular backups, with at least a weekly copy of the backed-up data kept off-site, are, of course, a necessity and the
most effective way to minimize data loss when inevitable hardware breakdowns occur.
Careful disaster planning is more crucial than ever, both to assess the risks and damage of catastrophic system failure
and to implement appropriate disaster recovery resources. Full duplicate off-site systems including servers, data
and communications links may be necessary to ensure continuation of service without interruption in the event of
catastrophic disaster. Such redundancy can be farmed out to a local firm that specializes in the backup and safe storage
of your critical computer system data. The expense of full-system redundancy often is unnecessary for small
businesses. For you, as long as none of your stored data is lost, restoring your system functions within several hours or
even several days may be tolerable.
Application software can malfunction for a number of reasons. Failure of an application program can occur through an
accidental erasure of a component piece of the program, its location in the wrong subdirectory, or any of a number of
other arcane causes. Contemporary programs arrive in multiple parts on multiple disks, CD-ROMs or downloaded files
that get installed in many directories and subdirectories, as well as altering system configuration and setup files to
serve the application’s needs.
The loss or corruption of one small program utility may prevent the entire program application from operating properly.
The change of one parameter or setting (which easily can happen inadvertently or during the installation of another
piece of software) is enough to disrupt the proper functioning of an application. The best protection against application
software failure is:
• keep the original program source (disks, CD-ROMs, saved and backed-up downloaded files) secure off-site
(outside of your office)
• install software from backup copies of the originals, and use only authorized and registered copies of software
applications (so that the original software application vendor is available for technical support, replacement of disks,
bug fixes, and software updates).
Network software is notoriously finicky and requires frequent attention. Someone familiar with the network software,
either on staff or available on short notice, is essential to troubleshoot and restore the network when it crashes, slows to
a crawl or just does not act right. In some situations, loss of access to application programs, loss of data, or loss of
access to data when the network is down can be minimized by backing up or mirroring data on a local hard drive or
floppy disk and by having key software such as word processing applications loaded also on local PC hard drives.
Corruption of software by viruses is another growing security risk, which is best handled by carefully designing
procedures to limit unauthorized access to systems, by discouraging use of unauthorized software and by using
specialized virus protection software. Some offices have systems that automatically bar any new software from being
loaded even onto an individual PC on the network. Others automatically scan all new software for viruses. Anti-virus
software must be updated continually to enable it to identify new viruses that are constantly being created and spread.
Automatic update features are available for the major anti-virus software programs and should be implemented.
A particular problem is software that is acquired electronically, such as from the Internet, whether public domain
software or unauthorized copies of programs. Seemingly minor items such as games, utilities, screen savers or macros
of unknown origin and provenance may put you at serious risk of contracting a virus. Email attachments are a frequent
source of infected code. You need to be attentive to suspect email sent to you. Always pay attention to what you are
loading or downloading onto your computer.
Through the introduction of a computer virus, your software programs, if not your entire computer network, may
be rendered unusable by the simple installation of an unauthorized software application on your computer system. Make
sure your staff understands the importance of your policy of banning the installation of unauthorized software. Then
periodically “sweep” your computers to ensure that your staff is helping you protect your computer investment.
These simple steps may result in big dividends to the continued operation of your small business.
D Squared Computer Consulting can help you work through these problems either through on-site consultation or by
taking these responsibilities on for you. Your success is our success!
D Squared Computer Consulting